Penetration Testing mailing list archives

RE: What is your policy on customers participating in a pen test?


From: "Ken Halbeck" <khalbeck () grayhatsecurity com>
Date: Tue, 19 Jun 2001 17:31:24 -0700

J,

Our experience has been that the customer usually has someone from their IT
staff on duty at the location while we are performing the test. We actually
recommend this in the event that we take one of their critical / key servers
or routers offline and it needs to be rebooted. It also helps out on the
communication between us and the client, whose admin is usually a gearhead
and interested in hacking / security at some level. Like you, we provide some
time onsite with one of our engineers to go over the test with them and answer
any questions that they might have. Ultimately it establishes a good line of
communication with the client, potential repeat business, and a level of
trust between all parties.

Ken

-----Original Message-----
From: Joe Klein [mailto:jsklein () mindspring com]
Sent: Monday, June 18, 2001 11:00 PM
To: pen-test () securityfocus com
Subject: What is your policy on customers particapating in a pen test?


All:

I am hearing customers request (and sometimes demand) that they be part of a
pen test.

Currently, we offer the customer 4 - 8 hours of time to review findings and
show them what we did to access their systems. But we do this after the pen
test is complete.

I was wondering how other companies deal with this issue?

J





